3com WX3000 Manuel D’Utilisation
1-4
2) The RADIUS client receives the user name and password, and then sends an authentication
request (Access-Request) to the RADIUS server.
3) The RADIUS server compares the received user information with that in the Users database to
authenticate the user. If the authentication succeeds, the RADIUS server sends back to the
RADIUS client an authentication response (Access-Accept), which contains the user’s
authorization information. If the authentication fails, the server returns an Access-Reject response.
4) The RADIUS client accepts or denies the user depending on the received authentication result. If it
accepts the user, the RADIUS client sends a start-accounting request (Accounting-Request, with
the Status-Type attribute value = start) to the RADIUS server.
5) The RADIUS server returns a start-accounting response (Accounting-Response).
6) The user starts to access network resources.
7) The RADIUS client sends a stop-accounting request (Accounting-Request, with the Status-Type
attribute value = stop) to the RADIUS server.
8) The RADIUS server returns a stop-accounting response (Accounting-Response).
9) The access to network resources is ended.
RADIUS message format
RADIUS messages are transported over UDP, which does not guarantee reliable delivery of messages
between RADIUS server and client. As a remedy, RADIUS adopts the following mechanisms: timer
management, retransmission, and backup server.
depicts the format of RADIUS messages.
Figure 1-3 RADIUS message format
Code
Attribute
Identifier
0
7
Length
Authenticator
7
15
31
1) The Code field (one byte) decides the type of RADIUS message, as shown in
Table 1-1 Description on the major values of the Code field
Code
Message type
Message description
1 Access-Request
Direction: client->server.
The client transmits this message to the server to determine if the
user can access the network.
user can access the network.
This message carries user information. It must contain the
User-Name attribute and may contain the following attributes:
NAS-IP-Address, User-Password and NAS-Port.
User-Name attribute and may contain the following attributes:
NAS-IP-Address, User-Password and NAS-Port.
2 Access-Accept
Direction: server->client.
The server transmits this message to the client if all the attribute
values carried in the Access-Request message are acceptable
(that is, the user passes the authentication).
values carried in the Access-Request message are acceptable
(that is, the user passes the authentication).